June 25, 2024

An international crime syndicate is apparently behind a deceptive online retail scheme.

This widespread fraudulent e-commerce ring has purportedly swindled over 850,000 shoppers across the USA and Europe.

Security Research Labs, a cybersecurity consultancy, states that this illicit network, dubbed “BogusBazaar,” operates more than 75,000 domains hosting counterfeit webshops. The operators usually target expired domains that carry a decent Google reputation.

Since 2021, BogusBazaar has reportedly handled over 1 million orders, amounting to over $50 million. However, not all orders led to payments, implying the actual financial impact on the victims is somewhat lower.

Security Research Labs estimated that around 22,500 counterfeit sites managed by BogusBazaar remained active as of April 2024. The syndicate primarily operates from China, focusing on consumers in the US and Western Europe.

Modus Operandi

Security Research Labs explains how BogusBazaar executes its scam:

  • It primarily lures shoppers to its bogus e-commerce websites through deceitful offers of low-priced branded shoes and clothing.
  • Shoppers are then coaxed into entering their personal and credit card data on counterfeit payment pages, allowing the syndicate to gather this information.
  • Payment is taken through services like PayPal and Stripe, and through credit card options. As a result, shoppers either don’t receive the products they’ve bought or only receive low-grade counterfeit versions.

Advanced Infrastructure Strategy

BogusBazaar’s success is aided by its intricate infrastructure setup. The backend follows an “infrastructure-as-a-service” model: decentralised illegal franchises run on a hosted platform that provides tailor-made software and WordPress plugins. Most servers are located in the US and host the IP addresses of a large number of fraudulent sites.

On the front end, if a payment page gets flagged for fraud, the criminals can set up a new one to preserve the online storefront’s facade. BogusBazaar reportedly develops bogus sites “semi-automatically,” with customised names and logos and stringent quality assurance protocols to make the sites seem genuine.

More details are available in the Security Research Labs blog post on this online hoax.

According to Roger Grimes, KnowBe4’s data-driven defence evangelist, in comments to Chain Store Age, increasing consumer awareness of these scams is crucial in combating such online fraud.

“Discerning such social engineering scams can be challenging,” stated Roger Grimes in the email. “The potential solutions include informing potential customers about too good to be true offers and urging people only to provide their credit card data to confirmed, reputable vendors and sites.”